CVE-2016-7553

LOW

irssi buf.pl < 2.13 - Information Disclosure via Weak Scrollbuffer Dump File Permissions

Title source: llm
STIX 2.1

Description

The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file.

References (6)

Core 6
Core References
Mailing List, Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/09/26/4
Mailing List, Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/09/24/1
Patch, Vendor Advisory x_refsource_confirm
https://irssi.org/security/buf_pl_sa_2016.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93155

Scores

CVSS v3 3.3
EPSS 0.0039
EPSS Percentile 31.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-275
Status published
Products (1)
irssi/buf.pl < 2.13
Published Feb 27, 2017
Tracked Since Feb 18, 2026